> when we download the Active Mq from below Maven link the jar name is " ActiveMQ all", however I could not found this from Active MQ website.
All Maven artifacts are built from the source code. You can find links to all the ActiveMQ source code repositories on the website [1]. You need to look in the actual repository to see the code for a specific Maven module like "activemq-all" which can be found here [2]. > I might miss the release date for 5.17... If you miss anything on the users mailing list you can go back and review the archive [3] which is linked from the website [4]. Justin [1] https://activemq.apache.org/contributing [2] https://github.com/apache/activemq/tree/main/activemq-all [3] https://lists.apache.org/list.html?users@activemq.apache.org [4] https://activemq.apache.org/contact On Tue, Jan 18, 2022 at 9:06 AM Deepti Sharma S <deepti.s.sha...@ericsson.com.invalid> wrote: > Hello Justin, > > The question is , when we download the Active Mq from below Maven link the > jar name is " ActiveMQ all", however I could not found this from Active MQ > website. > > I might miss the release date for 5.17, it would be helpful, if you could > confirm the release date for the same. > > > Regards, > Deepti Sharma > PMP® & ITIL > > > -----Original Message----- > From: Justin Bertram <jbert...@apache.org> > Sent: Tuesday, January 18, 2022 8:33 PM > To: users@activemq.apache.org > Subject: Re: Active MQ All Fix for CVE-2021-44228, CVSS 10.0 (Critical) > > > Does Active MQ all (// > https://mvnrepository.com/artifact/org.apache.activemq/activemq-all > implementation 'org.apache.activemq:activemq-all:5.16.3') is same as > Active MQ Classic? > > I don't understand the question. What exactly are you asking here? > > > When we are expecting the Active MQ 5.17.x version with Log4J 2.17.x? > > This question has *already* been answered on this thread (and many other > places on this mailing list). > > > Justin > > On Tue, Jan 18, 2022 at 8:27 AM Deepti Sharma S < > deepti.s.sha...@ericsson.com.invalid> wrote: > > > Hello All, > > > > 2 questions: > > Does Active MQ all (// > > https://mvnrepository.com/artifact/org.apache.activemq/activemq-all > > implementation 'org.apache.activemq:activemq-all:5.16.3') is same as > > Active MQ Classic? > > When we are expecting the Active MQ 5.17.x version with Log4J 2.17.x? > > > > > > Regards, > > Deepti Sharma > > PMP® & ITIL > > > > > > -----Original Message----- > > From: Justin Bertram <jbert...@apache.org> > > Sent: Sunday, January 9, 2022 1:29 AM > > To: users@activemq.apache.org > > Subject: Re: Active MQ All Fix for CVE-2021-44228, CVSS 10.0 > > (Critical) > > > > For what it's worth, it's already noted on the index page as well as > > the "News" page as well as noted in multiple emails on both the users > > and dev mailing lists. Even searches for "activemq CVE-2021-44228" on > > DuckDuckGo, Google, or Bing provide the relevant information in the > first few results. > > In my opinion if folks aren't finding the information it's because > > they aren't looking. There's always going to be folks like that > unfortunately. > > > > > > Justin > > > > > > On Sat, Jan 8, 2022 at 10:07 AM Jean-Baptiste Onofre <j...@nanthrax.net> > > wrote: > > > > > Hi Tim, > > > > > > Good idea, I think it would be helpful to have it directly on index > > > page and contact yeah. > > > > > > I can do the change if everyone agree. > > > > > > Thanks ! > > > > > > Regards > > > JB > > > > > > > Le 8 janv. 2022 à 16:44, Tim Bain <tb...@alumni.duke.edu> a écrit : > > > > > > > > JB, should we put that link somewhere prominent on > > > > https://activemq.apache.org/contact for a few months? I believe > > > > all the users who posted questions about the CVE were first-time > > > > posters who > > > likely > > > > went to that page before posting questions, so we might be able to > > > > save everyone the time and frustration by heading off the question > > > > for > > folks. > > > > > > > > Tim > > > > > > > > On Sat, Jan 8, 2022, 6:01 AM Jean-Baptiste Onofre > > > > <j...@nanthrax.net> > > > wrote: > > > > > > > >> Hi, > > > >> > > > >> Again, a new time: > > > >> > > > >> https://activemq.apache.org/news/cve-2021-44228 > > > >> > > > >> AGAIN, ActiveMQ 5.15/5.16 are NOT affected by log4j 2.x CVE > > > >> because they are using log4j 1.x > > > >> > > > >> ActiveMQ 5.17.x (not yet released) will use at least log4j 2.17.1. > > > >> > > > >> Regards > > > >> JB > > > >> > > > >>> Le 8 janv. 2022 à 11:35, Deepti Sharma S > > > >>> <deepti.s.sha...@ericsson.com > > > .INVALID> > > > >> a écrit : > > > >>> > > > >>> Hello Team, > > > >>> > > > >>> As we have Log4J vulnerability CVE-2021-44228, CVSS 10.0 > > > >>> (Critical), > > > can > > > >> you please confirm, when we have ActiveMQ all, version release > > > >> which has this vulnerability fix and has Log4J version 2.17? > > > >>> > > > >>> > > > >>> > > > >>> Regards, > > > >>> Deepti Sharma > > > >>> PMP(r) & ITIL > > > >>> > > > >>> > > > >> > > > >> > > > > > > > > > > > >
